Zombieboy, a malware that attacks weak points

The cryptocurrency explosion has also led to the emergence of a new class of threats to business systems: mining malware.

These are malicious programs that divert the processing capacity of computers towards the mining of virtual currencies. The most targeted would be Monero and Zcash.

The name comes from the ZombieboyToolkit that is used by the malware to install its DLL (Dynamic Link Library) file that will then run it.

This is an extremely infectious trojan that uses WinEggDrop to identify the machines to attack.

The code contains parts in simplified Chinese, so it is assumed that it is the source and according to some analysts it is able to mine at 43 KH/s, managing to get about $1000 per month for each computer infected.

This malware is able to attack a lot of vulnerabilities or CVEs, Common Vulnerable Exposures, including CVE-2017-9073, in the remote desktop protocol in MS server 2003 and also DoublePulsar and EthernalBlue, increasing the chances of infection and making it very complex to get rid of it.

The worm software is encoded with Themedia, making reverse engineering and the elaboration of specific defensive tools extremely complex.

This, combined with links to other Chinese malware, suggests that it is a tool that is likely to evolve further, and according to authoritative security experts, ZombieBoy’s double backdoors may have been created to facilitate access to ransomware, keyloggers and so on.

For companies that wish to defend themselves against these attacks, it is necessary to set up an integrated and immune system by providing some protective measures such as:

enabling two-factor authentication;

disabling access to unused ports and services;

investing in endpoint security;

having an updated antivirus;

developing backup practices and making them active

These are just some of the aspects that need to be taken into consideration in order to create a system that is safe and, above all, that does not consume resources for the benefit of third parties.

Graduated with honors from Bocconi University, Fabio is a consultant for companies and wounded shareholders of the Banche Venete. He is also the author of "Scenari Economici", and lecturer and analyst of cryptocurrencies since 2016.